Physical controls for electromagnetic emanations are called what?

Question 1. (TCO A) What are the goals of information security? (Points : 5)

Administrative, technical, and physical

Confidentiality, accountability, and integrity

Confidentiality, integrity, and accountability

Technical, integrity, and administrative

Confidentiality, integrity, and availability

Question 2. (TCO A) Security controls protect ______. (Points : 5)

facilities

people

information

computers and networks

All of the above

Question 3. (TCO B) Due care is used as a test to determine whether management has taken precautions that are ______. (Points : 5)

compliant

legal

reasonable

secure

readiness

Question 4. (TCO B) Regulations that enforce compliance, including SOX, FERPA, FISMA, and GLB, require protection of ______. (Points : 5)

governments

industries

types of information

personal privacy

computer systems

Question 5. (TCO C) What is a privilege? (Points : 5)

The authority to use an information asset in a particular way

The ability to use an information asset in a particular way

The right to use an information asset in a particular way

The means to use an information asset in a particular way

None of the above

Question 6. (TCO C) Access control can be based on ______. (Points : 5)

roles

location

message routes

time of day

All of the above

Question 7. (TCO D) Physical controls for electromagnetic emanations are called what? (Points : 5)

SPREAD SPECTRUM

SHIELDING

TEMPEST

BLACKOUT

None of the above

Question 8. (TCO E) What threats are most likely to compromise CIA safeguards? (Points : 5)

Viruses

Malicious codes

Spyware

Employees

External hackers

Question 9. (TCO E) What is the name of the phenomenon in which two pieces of information are nonsensitive in isolation but when combined produce highly sensitive information? (Points : 5)

Combinatorics

Synthesis

Aggregation

High-water mark

None of the above

Question 10. (TCO F) Adversaries may be ______. (Points : 5)

competitors

employees

news reporters

thrill seekers

All of the above

Page 2

Question 1. (TCO A) Identify the phases of the Computer System Life Cycle and briefly define at least one role of the CSPM in each phase. (Points : 10)

Question 2. (TCO C) What are the vulnerabilities that (1) confidentiality controls, (2) integrity controls, and (3) availability controls protect information assets against? (Points : 10)

Question 3. (TCO B) If the CSPM finds that his or her company has information that needs protection according to company policy (that is, it is considered proprietary company information), but there is no external law, order, or rule that requires protection of that kind of information, how should the CSPM proceed? (Points : 10)

Question 4. (TCO D) Many CSPMs would argue that CCTV should be installed in storage rooms, wiring closets, and other nonpublic areas of buildings; other CSPMs would argue that those are low-frequency access areas and do not need CCTV. How should the decision whether to install CCTV in such nonpublic areas be made? Who should make the final decision? (Points : 10)

Question 5. (TCO E) What is the single most likely event that will compromise the confidentiality, integrity, or availability of information assets? Briefly explain why you have chosen your answer. (Points : 10)

Question 6. (TCO F) Explain briefly why privileged users are of concern to the CSPM. (Points : 10)

Page 3

Question 1. (TCO A) Explain why understanding globalism is an important aspect of modern business and why it is also an increasingly important aspect of modern information security. Discuss at least competitive advantage as well as supply-chain issues and legal issues. (Points : 15)

Question 2. (TCO B) Analyze why administrative controls should be documented. (Points : 15)

Question 3. (TCO C) Explain the idea of situation awareness and identify at least five elements that should be part of situation awareness for a wide area network (WAN) environment. (Points : 15)

Question 4. (TCO C) We have looked at compliance legislation for several kinds of information (e.g., health, financial, educational) and have also reviewed requirements for protection of particular kinds of information such as intellectual property (trade secrets, patents, copyrights). Most companies store, process, and handle all of these kinds of information. The number of different compliance statutes written by federal, state, local, and tribal governments and of specialty protection requirements issued by independent commissions (such as riverboat gambling commissions) continues to increase. A CSPM may have to deal with several of these laws or rules. Assuming that the CSPM has identified the rules and laws that apply to his company, how can the CSPM ensure that system controls are sufficient to satisfy all of them? (Points : 15)

Question 5. (TCO D) Evaluate advantages of deploying closed-circuit television (CCTV) in a waiting room. (Points : 15)

Question 6. (TCO E) The SOC was established to measure readiness. However, some components of a computer and network system are more critical for readiness than others. Let’s say that there are three levels of criticality for system components: mission critical, mission essential, and support. Using what you have learned about calculating the security category for information, devise a similar scheme for categorizing computer and network system components for readiness. (Points : 15)
